From owner-svn-ports-all@FreeBSD.ORG Fri May 22 19:06:28 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BD51891E; Fri, 22 May 2015 19:06:28 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9245F1ED5; Fri, 22 May 2015 19:06:28 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t4MJ6SxU001717; Fri, 22 May 2015 19:06:28 GMT (envelope-from girgen@FreeBSD.org) Received: (from girgen@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t4MJ6Sr1001716; Fri, 22 May 2015 19:06:28 GMT (envelope-from girgen@FreeBSD.org) Message-Id: <201505221906.t4MJ6Sr1001716@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: girgen set sender to girgen@FreeBSD.org using -f From: Palle Girgensohn Date: Fri, 22 May 2015 19:06:28 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r387053 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 May 2015 19:06:28 -0000 Author: girgen Date: Fri May 22 19:06:27 2015 New Revision: 387053 URL: https://svnweb.freebsd.org/changeset/ports/387053 Log: Record some minor PostgreSQL sercurity problems. "This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Nether of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable." URL: http://www.postgresql.org/about/news/1587/ Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri May 22 19:03:57 2015 (r387052) +++ head/security/vuxml/vuln.xml Fri May 22 19:06:27 2015 (r387053) @@ -57,6 +57,59 @@ Notes: --> + + PostgreSQL -- minor security problems. + + + postgresql90-server + 9.0.09.0.20 + + + postgresql91-server + 9.1.09.1.16 + + + postgresql92-server + 9.2.09.2.11 + + + postgresql93-server + 9.3.09.3.7 + + + postgresql94-server + 9.4.09.4.2 + + + + +

PostgreSQL project reports:

+
+ This update fixes three security vulnerabilities reported in + PostgreSQL over the past few months. Nether of these issues is seen as + particularly urgent. However, users should examine them in case their + installations are vulnerable:. +
+
+
CVE-2015-3165 Double "free" after authentication timeout.
+
CVE-2015-3166 Unanticipated errors from the standard library.
+
CVE-2015-3167 pgcrypto has multiple error messages for decryption with an incorrect key.
+
+

+ + + + CVE-2015-3165 + CVE-2015-3166 + CVE-2015-3167 + + + 2015-04-10 + 2015-05-22 + + + proftpd -- arbitrary code execution vulnerability with chroot